Online News Features Blogs RSS Feeds White Papers Conference Videos Departments Administration Infrastructure Security Networking Web Works Programming Desktop Community Resources Current Issue Special Editions Spotlight Reviews Event Calendar Archives      2012      2011      2010      2009      2008      2007      2006      2005 Article Code Subscribe Newsletter Contact Partner Links Make your own website WinWeb OnlineOffice Comparing prices of hardware is worth it. Price Comparison What: Where: Country: FranceGermanyItalyThe NetherlandsSpainUnited Kingdom njobs Linux vacatures njobs Linux arbeit njobs Linux jobs njobs Linux lavoro njobs Linux emploi njobs Linux trabajo Admin Magazine Subscribe now and save!  ADMIN - Explore the new world of system administration! ADMIN is a smart, technical magazine for IT pros on heterogeneous networks. Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better: network security system management troubleshooting performance tuning virtualization cloud computing  on Windows, Linux, Solaris, and popular varieties of Unix. http://www.admin-magazine.com/

linux-magazine.com » Issues » 2009 » 99 » Security Lessons   Sometimes, even ING, YouTube, The New York Times, and Google get it wrong. Defenses for Web Users The good news is that a number of defenses against CSRF attacks are available for web browsers. A common one is the NoScript plugin for Firefox. Unfortunately, for NoScript to be effective, you need to disable JavaScript by default and then selectively enable JavaScript for sites you trust. This leads to obvious usability issues because many sites do not work at all or very poorly if JavaScript is not enabled. Additionally, it will not prevent an attacker from leveraging a cross-site scripting flaw in a site you trust. However, not all browsers support such selective control over which sites get to execute JavaScript. Another option is simply to install a separate web browser or run a separate instance of a web browser and use it for trusted online activities such as web-based banking and email. One browser that has incorporated this strategy is Google Chrome. Each browser tab in Chrome is actually a separate process and not a thread running within the same context as other threads (tabs). Thus, the tabs cannot interfere with each other, rendering most CSRF attacks impotent. Infos Cross-Site Request Forgery (CSRF): http://www.owasp.org/index.php/Cross-Site_Request_Forgery Zeller, W., and Felten, E.W. "Cross-Site Request Forgeries: Exploitation and Prevention," 2008, http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf The Author Kurt Seifried is an Information Security Consultant specializing in Linux and networks since 1996. He often wonders how it is that technology works on a large scale but often fails on a small scale. « Previous 1 2 Read full article as PDF » Security_Lessons_Cross-site_Scripting_Request_Forgeries.pdf 259.83 kB Comments Sometimes, even ING, YouTube, The New York Times, and Google get it wrong. Get your backstage pass to Linux! If you're ready for a deeper look, Linux Magazine gives you a view behind the scenes. Don't miss out on the tools, tutorials, and reviews you'll need to unlock the secrets of Linux. more...

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.

© 2012Linux New Media USA, LLC

Linux New Media Websites
International: [Linux Magazine] [ADMIN Magazine] [Ubuntu User] [Smart Developer] [Linux Magazine Academy]
North America: [Linux Pro Magazine] [ADMIN Magazine] [Ubuntu User] [Smart Developer]
Germany: [Linux-Magazin] [ADMIN Magazin] [LinuxUser] [EasyLinux] [Linux-Community]
[Ubuntu User] [Smart Developer] [Android User] [Linux-Magazin Academy]
Poland: [Linux Magazine] [EasyLinux]
Spain: [Linux Magazine] [Ubunutu User]
Netherlands: [Linux Magazine Academy]
Brazil: [Linux Magazine] [ADMIN Magazine] [Ubuntu User] [Guia de TI]